Instacart Customers Data Sold on Dark Web, Report Says
Grocery delivery services might be one of the flourishing businesses amid the coronavirus pandemic. People can not just help but rely on delivery services, especially now that social interactions are limited.
However, there might be another problem surfacing from this fast solution addressing our needs during the coronavirus pandemic. Is your personal information safe?
Instacart customers are faced with privacy issues right now with reports, saying thousands of information of Instacart customers are being sold on the dark web. The data includes names, the last four digits of credit card numbers, and order histories.
Sellers in two dark web stores were offering information from what seems to be 278,531 accounts, as of Wednesday. Some may be duplicates.
Instacart spokesperson said the company had "millions of customers across the U.S. and Canada." The company also denied that there had been a data privacy violation. The company spokesperson said that outside the Instacart platform, they might be attackers that are targeting individuals through phishing.
"In instances where we believe a customer's account may have been compromised through an external phishing scam outside of the Instacart platform or other action, we proactively communicate to our customers to auto-force them to update their password," the firm's spokesperson said in a BuzzFeed News report.
The source of the information was unknown. This included email addresses and shopping data, which have been uploaded from at least June until today. Head of cybersecurity firm Security Fanatics, Nick Espinosa, said it looks recent and totally legit after reviewing the accounts being sold.
Two customers, whose personal information was for sale, confirmed that they were using Instacart's services. Their last order and amount matched what was on the dark web. This includes their credit card information.
Instacart customer Hannah Chester said she doesn't know what to say and she doesn't know if this is the grocer delivery service company's negligence. Chester noted that if the Instacart were aware of the incident and still haven't informed their customers, "that's problematic."
Chester got in touch with Instacart customer support and Instacart told her that the issue was likely because of password reuse on other websites or apps. Chester, however, said she does not reuse passwords for her different logins.
The other customer, who was asked for her full name not to be used, said she would cancel her Instacart account and use a different service.
"I feel like if you know about it, why in the world don't they? Why haven't they reached out?," Mary M. was quoted in a BuzzFeed News report.
The personal information was being sold for around $2 per customer. Reports said personal data of using Instacart accounts had been added from June to July. The most recent upload was on July 22.
Zoom Accounts on The Dark Web
Unfortunately, Instacart was not the only one to have their customers' personal data found on the dark web. More than 500,000 users of Zoom Video Communications Inc. have also been found for sale on the dark web.
The data also include email address, password, personal meeting URL, and HostKey. Some of the Zoom accounts were being offered for free, others for less than one cent each.
The reason behind this was "so that hackers can use them in zoom-bombing pranks and malicious activities," according to a report.
Check these out:
Threat Level Thursday: iOS Security, Tor Anonymity, HHS, the Navy, and Exploiting an Exploit
Google, Step Aside: Vocativ Taps into the 'Deep Web' and Finds a Social Media-Global Gold Mine
Social Media Saturday: Facebook's Dark Web Dragnet, Twitter's Audio Cards, Tumblr & Vine Launch New Apps